ws-security

I'm trying to develop a standalone Java web service client with JAX-WS (Metro) that uses WS-Security with Username Token Authentication (Password digest, nonces and timestamp) and timestamp verification along with WS-Addressing over SSL. The WSDL I have to work with does not define any security policy information. I have been unable to figure out exactly how to add this header information (the correct way to do so) when the WSDL does not contain this information. Most examples I have found using Metro revolve around using Netbeans to automatically generate this from the WSDL which does not

Everybody, Hello! This is my request message: <soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"> <soap:Header> <wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" soap:mustUnderstand="1"> <wsse:BinarySecurityToken EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3" wsu

I generated a bunch of client classes from a WSDL with CXF's wsdl2java. How do I add WS-Security to the header when doing something like this: URL url = new URL("http://fqdn:8080/service/MessageHandler"); MessageHandlerService service = new MessageHandlerService(url); MessageHandler handler = service.getMessageHandler(); MyMessage message = new MyMessage(); message.setSender("User 1"); handler.sendMessage(message); I think handler is a javax.xml.ws.Service instance. Usually it's done outside the code . In that case THIS might help If you want to add programatically , Programmatically adding

I am consuming an old Java web service from WCF that requires the request in the form: <s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/"> <s:Header> <wsse:Security mustUnderstand="1" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss- wssecurity-secext-1.0.xsd"> <wsse:UsernameToken wsu:Id="xxx" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-ssecurity-utility-1.0.xsd"> <wsse:Username>username</wsse:Username> <wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">password</wsse

I have a WCF SOAP consumer that is implemented by Visual Studio 2012 from a WSDL. The WSDL was generated by PeopleTools. The base object is of type System.ServiceModel.ClientBase . I need the SOAP request to resemble: <soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:sch="http://xmlns.oracle.com/Enterprise/Tools/schemas"> <soapenv:Header> <wsse:Security soap:mustUnderstand="1" xmlns:soap="http://schemas.xmlsoap.org/wsdl/soap/" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"> <wsse:UsernameToken> <wsse:Username>

I need to create a wcf client to call a service that I have no control over. I have been given a wsdl and a working soapui project. The service uses both a username/password and a x509 certificate. UPDATE I now understand what the problem is, but am still unsure what steps I need to take to be able to create the required message, so any help would be much appreciated. I need to sign both the UsernameToken and the SecurityTokenReference. The code I had to create the custom binding has been removed from this post as its no longer used. I no longer add a SecurityBindingElement to the binding,

What is the best approach to implementing authorisation/authentication for a Windows Forms app talking to an IIS-hosted RESTful WCF Service? The reason I ask is I am very confused, after sifting through different articles and posts expressing a different method and eventually hitting a ~650 page document on WCF Security Best Practices" ( http://www.codeplex.com/WCFSecurityGuide ) I am just uncertain which approach is the BEST to take and how to get started on implementation, given my scenario. I started with this article "A Guide to Designing and Building RESTful Web Services with WCF 3.5" (

I need to consume a web service secured with WS-Security from ASP.NET. I'm testing the service with SoapUI, being the envelop request: <soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:web="http://aduana.gov.py/webservices"> <soapenv:Header/> <soapenv:Body> <web:agregarGuia> <!--Optional:--> <guia>?</guia> <!--Optional:--> <autenticacion> <!--Optional:--> <codAduana>?</codAduana> <!--Optional:--> <firmaWSAA>?</firmaWSAA> <!--Optional:--> <idUsuario>?</idUsuario> <!--Optional:--> <ticketWSAA>?</ticketWSAA> </autenticacion> </web:agregarGuia> </soapenv:Body> <